CVE-2022-1253 — Heap-based Buffer Overflow in Libde265

CWE-122 — Heap-based Buffer Overflow CWE-787 — Out-of-bounds Write CWE-59 — Link Following CWE-476 — NULL Pointer Dereference CWE-908 — Use of Uninitialized Resource10 documents7 sources

Severity

9.8CRITICALNVD

OSV6.5CISA7.8

EPSS

0.5%

top 34.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Struktur Libde265 Debian Libde265 Strukturag Libde265

Timeline

PublishedApr 6

Latest updateSep 15

Description

Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. The fix is established in commit 8e89fe0e175d2870c39486fdd09250b230ec10b8 but does not yet belong to an official release.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages5 packages

▶CVEListV5strukturag/strukturag_libde265unspecified — 1.0.8

▶debiandebian/libde265< libde265 1.0.8-1.1 (bookworm)

▶Debianstruktur/libde265< 1.0.11-0+deb11u1+3

▶Ubuntustruktur/libde265< 1.0.4-1ubuntu0.2+3

▶NVDstruktur/libde2651.0.8

Patches

Patch: github.com ↗Patch: huntr.dev ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

libde265 vulnerabilities↗2024-02-08

▶

GHSA

GHSA-232g-h7w4-2pxj: Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to 1↗2022-04-07

▶

OSV

CVE-2022-1253: Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1↗2022-04-06

▶

📋Vendor Advisories

Red Hat

kernel: chardev: fix error handling in cdev_device_add()↗2025-09-15

▶

Ubuntu

libde265 vulnerabilities↗2024-02-08

▶

CISA

Microsoft Windows AppX Deployment Server Privilege Escalation Vulnerability↗2022-03-15

▶

Debian

CVE-2022-1253: libde265 - Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and...↗2022

▶

Red Hat

kernel: agp: insufficient pg_start parameter checking in AGPIOC_BIND and AGPIOC_UNBIND ioctls↗2011-04-14

▶